Critical Perspectives on Provable Security: Fifteen Years of Another Look Papers

We give an overview of our critiques of “proofs” of security and a guide to our papers on the subject that have appeared over the past decade and a half. We also provide numerous additional examples and a few updates and errata

Pairings in Cryptology: efficiency, security and applications

Abstract The study of pairings can be considered in so many di�erent ways that it may not be useless to state in a few words the plan which has been adopted, and the chief objects at which it has aimed. This is not an attempt to write the whole history of the pairings in cryptology, or to detail every discovery, but rather a general presentation motivated by the two main requirements in cryptology; e�ciency and security. Starting from the basic underlying mathematics, pairing maps are con- structed and a major security issue related to the question of the minimal embedding �eld [12]1 is resolved. This is followed by an exposition on how to compute e�ciently the �nal exponentiation occurring in the calculation of a pairing [124]2 and a thorough survey on the security of the discrete log- arithm problem from both theoretical and implementational perspectives. These two crucial cryptologic requirements being ful�lled an identity based encryption scheme taking advantage of pairings [24]3 is introduced. Then, perceiving the need to hash identities to points on a pairing-friendly elliptic curve in the more general context of identity based cryptography, a new technique to efficiently solve this practical issue is exhibited. Unveiling pairings in cryptology involves a good understanding of both mathematical and cryptologic principles. Therefore, although �rst pre- sented from an abstract mathematical viewpoint, pairings are then studied from a more practical perspective, slowly drifting away toward cryptologic applications

On the security of the identity-based encryption based on DHIES from ASIACCS 2010

In ASIACCS 2010, Chen, Charlemagne, Guan, Hu and Chen proposed an interesting construction of identity-based encryption based on DHIES, whose key extraction algorithm makes use of the multivariate quadratic equation. They proved that their scheme is selective-ID secure against chosen ciphertext attack, i.e. secure in the sense of IND-sIDGGA. Unfortunately, in this paper, we demonstrate that Chen et aJ.\u27s scheme is insecure in the sense of IND-sID-GGA by showing that the private key extraction algorithm of their scheme can be exploited to apply XL algorithm, which is to solve the multivariate quadratic (MQ) problem (under certain conditions)